01-16-2022 07:54 AM
We are facing problems with NAT and DNS. Can anyone help us with proper guidelines?
Problem Summary:
1. In2out packets after a certain amount of translations per host.
2. Frequent DNS failures.
Brief description of the fault:
Hope you can help check on a possible NAT issue observed on a C1111-8P device (and several C1111-4P devices).
The device is s/n: FCZ2514R2BH, which should be covered under policy HW30353 / SLA OSMFFIXNBD.
We have been having an issue where Meraki APs that sit behind the above devices (which do NATing of the Meraki management and client SSID subnets) report frequent DNS failures on the Meraki dashboard. On the routers, we have observed that the ‘NatIn2out’ counters are incrementing, as per the output below.
Some of the devices are configured as zone-based firewalls, while others just do NAT (e.g. FCZ2514R2BH).
Disabling the ZBFW configuration doesn’t make a difference to the DNS failure or NAT drop stats, so it doesn’t appear to be related to the ZBFW configuration as such.
The IOS image on the devices is c1100-universalk9.16.12.05.SPA.bin.
Hope you can check and advise on any possible/known issues on this platform/IOS version.
Last clearing of QFP drops statistics : never
--------------------------------------------------------------------------------
ID Global Drop Stats Packets Octets
--------------------------------------------------------------------------------
319 BFDoffload 24 2620
139 Disabled 64 4506
53 IpFragErr 33 136253
62 IpTtlExceeded 459 23704
56 IpsecInput 36 18214
94 Ipv4NoAdj 1116 87389
19 Ipv4NoRoute 61 6090
318 MacMcastIpNonmcast 24 3920
69 NAT(NatIn2out) 700731 94618125
70 NatOut2in 119571 9250971
83 ReassTimeout 58 27288
215 UnconfiguredIpv4Fia 22491 8401904
216 UnconfiguredIpv6Fia 6511016 558373217
144 Unresolved 2 316
01-17-2022 12:58 AM
follow